steampipe plugin install aws

Table: aws_resource_explorer_search - Query AWS Resource Explorer using SQL

The AWS Resource Explorer allows you to inspect and navigate your AWS resources using a visual interface. It provides a unified view of all your AWS resources, enabling you to see their relationships and dependencies. With the AWS Resource Explorer, you can search, filter, and manage your resources across multiple AWS services.

Table Usage Guide

The aws_resource_explorer_search table in Steampipe provides you with information about resources across all AWS services. This table allows you, as a DevOps engineer, to query resource-specific details, including the service name, resource type, resource ID, and associated tags. You can utilize this table to gather insights on resources, such as identifying resources without tags, resources of a specific type, resources associated with a specific service, and more. The schema outlines the various attributes of the resources, including the resource ARN, resource type, and associated tags.

Important Notes

Before you use this table, it's recommended that you:

  • Configure Resource Explorer using quick setup

  • If you're using advanced setup instead, it's recommended that you create at least 1 aggregator index and a default view in that region

  • This table uses the aggregator index in your AWS account when searching for resources. A view ARN can also be specified in the view_arn column. If your account doesn't have an aggregator index and no view ARN is specified, the table will return an error.

  • Every query returns at most the first 1,000 results because of an API limitation. If the resource you're looking for is not included, use a more refined query string.

  • Specifying query is not required, and if a search query is run without it, the first 1,000 results will be returned. However, if you'd like to specify query, please see the examples below along with Search query syntax reference for Resource Explorer.

Examples

Basic info

Explore which resources are being utilized in your AWS environment, including where they are located and who owns them. This information can help you manage resources effectively and identify areas for potential optimization or security improvements.

select
arn,
region,
resource_type,
service,
owning_account_id
from
aws_resource_explorer_search;

List non-IAM resources

This query allows you to identify all resources within your AWS environment that are not associated with the IAM service. This can be particularly useful for understanding the overall distribution and utilization of your resources across different AWS services.

select
arn,
region,
resource_type,
service,
owning_account_id
from
aws_resource_explorer_search
where
query = '-service:iam';

List non-IAM resources in us-* regions

Determine the areas in which non-IAM resources are located within US regions. This allows for a comprehensive understanding of resource distribution and ownership across specific geographical zones.

select
arn,
region,
resource_type,
service,
owning_account_id
from
aws_resource_explorer_search
where
query = '-service:iam region:us-*';

List IAM user resources

Explore which IAM user resources are present within a specific AWS account and region. This can be useful to determine the areas in which these resources are distributed, aiding in resource management and security auditing.

select
arn,
region,
resource_type,
service,
owning_account_id
from
aws_resource_explorer_search
where
query = 'resourcetype:iam:user';

List resources with user-created tags

Determine which resources carry user-created tags, to assess how consistently the elements within AWS are organized or categorized.

select
arn,
region,
resource_type,
service,
owning_account_id
from
aws_resource_explorer_search
where
query = '-tag:none';
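
The usage guide mentions finding resources without tags, while the query above lists the tagged ones. The inverse is shown here as an added example that is not part of the original Steampipe documentation. It assumes the Resource Explorer filter tag:none (the un-negated form of -tag:none) and flags when the 1,000-result cap may have truncated the search:

```sql
-- Added example: summarise untagged, non-IAM resources per account, region and type.
-- Assumption: 'tag:none' matches resources with no user-created tags.
with untagged as (
  select
    arn,
    region,
    service,
    resource_type,
    owning_account_id,
    last_reported_at
  from
    aws_resource_explorer_search
  where
    query = 'tag:none -service:iam'
)
select
  owning_account_id,
  region,
  service,
  resource_type,
  count(*) as untagged_resources,
  -- Oldest index refresh in the group: a stale value means the inventory may lag reality.
  min(last_reported_at) as oldest_index_update,
  -- The API returns at most 1,000 rows; if the total reaches that, counts are a lower bound.
  sum(count(*)) over () >= 1000 as hit_result_cap
from
  untagged
group by
  owning_account_id,
  region,
  service,
  resource_type
order by
  untagged_resources desc;
```

When hit_result_cap is true, narrow the query string (for example by adding a region: or service: filter) and run it once per slice.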

List resources with tag key environment

Discover the segments that are tagged with the key 'environment' across various resources in your AWS environment. This allows for better resource management and environment-specific optimizations.

select
arn,
region,
resource_type,
service,
owning_account_id
from
aws_resource_explorer_search
where
query = 'tag.key:environment';

List resources with global scope

Explore which resources have a global scope, helping to understand the distribution and type of resources across different regions. This can be useful to identify potential areas for cost optimization or to assess security configurations across a global infrastructure.

select
arn,
region,
resource_type,
service,
owning_account_id
from
aws_resource_explorer_search
where
query = 'region:global';

Search for resources with a specific view

Explore which resources are associated with a specific view in the AWS Resource Explorer. This is useful to manage and keep track of resources tied to a particular view, aiding in efficient resource management.

select
arn,
region,
resource_type,
service,
owning_account_id
from
aws_resource_explorer_search
where
view_arn = 'arn:aws:resource-explorer-2:ap-south-1:111122223333:view/view1/7c9e9845-4736-409f-9c0f-673fe7ce3e46';

Schema for aws_resource_explorer_search

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| arn | text | | The Amazon resource name (ARN) of the resource. |
| last_reported_at | timestamp with time zone | | The date and time that Resource Explorer last queried this resource and updated the index with the latest information about the resource. |
| owning_account_id | text | | The Amazon Web Services account that owns the resource. |
| properties | jsonb | | Additional type-specific details about the resource. |
| query | text | = | A string that includes keywords and filters that specify the resources to include in the search results. |
| region | text | | The AWS Region in which the resource was created and exists. |
| resource_type | text | | The type of the resource. |
| service | text | | The Amazon Web Service that owns the resource and is responsible for creating and updating it. |
| view_arn | text | = | The Amazon resource name (ARN) of the view that this table uses to perform the search. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_resource_explorer_search